Abstract:
The present invention is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator.
Abstract:
The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
Abstract:
A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
Abstract:
The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. One or more cryptographic cards can be configured with a plurality of hardware or software queues. The plurality of queues can be assigned to plural packet processing engines so that the plural packet processing engines share cryptographic services of a cryptographic card having multiple queues. In some embodiments, all cryptographic cards are configured with multiple queues which are assigned to the plurality of packet processing engines configured for encryption operation.
Abstract:
The present invention is directed towards systems and methods for batching OCSP requests and caching corresponding responses. An intermediary between a plurality of clients and one or more servers receives a first client certificate during a first SSL handshake with a first client and a second client certificate during a second SSL handshake with a second client. The intermediary may identify that the statuses of the client certificates are not in a cache of the intermediary. An OCSP responder of the intermediary may transmit a single request to an OCSP server to determine the statuses. The intermediary may determine, from a single response received from the OCSP server, whether to establish SSL connections with the clients based on the statuses. The intermediary may store the statuses to the cache for determining whether to establish an SSL connection in response to receiving a client certificate from the first client.
Abstract:
A method for enabling efficient SSL handshakes through pre-computing of handshake messages includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described.
Abstract:
The present invention is directed towards systems and methods for maintaining Certificate Revocation Lists (CRLs) for client access in a multi-core system. A first core may generate a secondary CRL corresponding to a master CRL maintained by the first core. The CRLs may identify certificates to revoke. The first core can store the secondary CRL to a memory element accessible by the cores. A second core may receive a request to validate a certificate. The second core can provisionally determine, via access to the secondary CRL, whether the certificate is revoked. The second core may also determine not to revoke the certificate. Responsive to the determination, the second core may request the first core to validate the certificate. The first core can determine whether to revoke the certificate based on the master CRL. The first core may send a message to the second core based on the determination.
Abstract:
A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake includes: conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages; storing, by the appliance, the plurality of SSL handshake messages; providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages; receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages; determining, by the appliance, that the message digest matches a message digest included in the SSL client finish message; and completing, by the appliance with the client, the SSL handshake. Corresponding systems are also described.